Redeye, Inc.
https://www.redeye.tech
Mon, 13 Aug 2018 15:34:31 +0000

Reddit Users Advised To Reset Their Passwords
Mon, 13 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/13/reddit-users-advised-to-reset-their-passwords/

If you're a Reddit user, it's time to change your password. According to the company, they recently discovered evidence of a hack that exposed all company data from the site's launch (2005) to 2007, including user emails and account credentials.

The company also reported that all public messages from that time period were downloaded, as well as an unknown number of private conversations.

In addition to that, the hacker was apparently able to access the logs containing the email digests that Reddit sent out between June 3rd and June 17th of 2018. Note that you were only impacted by this portion of the hack if you received an email from noreply@redditmail.com between the dates mentioned.

Reddit is following what has quickly become standard procedure in the wake of an event like this. They reported the incident and are currently working with law enforcement to investigate the matter. Additionally, the company has bolstered its security, including making two-factor authentication a requirement to access all sensitive internal systems.

One slight departure from the standard response is this: Rather than notifying only the users whose email addresses and account credentials were compromised, Reddit is urging all users to change their passwords immediately and to enable two-factor authentication if they have not already done so.

It's sound advice, but unfortunately, advice that only a minority of Reddit users will likely heed.

This is hardly the first high-profile data breach in 2018, and it certainly won't be the last. Each newly reported breach only sounds the alarm more loudly. Corporate systems are woefully insecure, and the hackers are finding more and more success. 2018 is on track to break the record set in 2017 for the most breaches in the history of the internet, and next year will probably break the record set later this year.

Click Rates For Spam Emails Are Increasing
Sat, 11 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/11/click-rates-for-spam-emails-are-increasing/

F-Secure recently published a new report, and their findings are disturbing.

The click rates on spam emails increased to 14.2 percent for the second half of 2017, up from 13.4 percent reported in the first half of 2017.

The increase seems to be driven by two factors.

First, more intense targeting of smartphone users, who are typically more distracted and not paying as much attention when opening and reading emails.

Second, a slight increase in sophistication. For instance, an email that appears to come from a known sender is 12 percent more likely to be opened and responded to, so hackers are using this approach more often.

Even so, the report isn't all bad news. First, while spam is still the most common means of attack, it's highly inefficient, relying on brute force (volume) rather than an abundance of sophistication. Second, the report reveals that 85 percent of malicious attachments are made up of just five file types:

*.7z

*.PDF

*.XLS

*.DOC

*.ZIP

Knowing this, a savvy user who's paying attention can more easily avoid falling into the trap of the hackers.

Other highlights from the report include:

46 percent of all spam campaigns are related to online dating

23 percent contain the malicious attachments described above

31 percent contain links to malicious websites

Sean Sullivan, an F-Secure Security Advisor, had this to say about the report:

"We've reduced criminals to spam, one of the least effective methods of infection. Anti-malware is containing nearly all commoditized bulk threats. And honestly, I don't see anything coming over the horizon that could lead to another gold rush, so criminals are stuck with spam."

Overall, the report is bad news mixed with some good. One thing it clearly underscores is the continuing importance of ongoing email education for all employees of companies of any size.

The Internet May Be Hurting Your Sleep
Fri, 10 Aug 2018 20:19:00 +0000
https://www.redeye.tech/2018/08/10/the-internet-may-be-hurting-your-sleep/

Can you imagine life without the always-on internet? If you're like most people today, it's a simply indispensable tool, and the thought of suddenly being without it makes you shudder and brings images of the Dark Ages to mind.

It's glorious, no doubt, and it really is a remarkable tool, but unfortunately, it's not all upside. A recent study funded by the European Research Council has concluded that access to broadband internet costs you as much as 25 minutes of lost sleep every night. Considering that most of us are already getting by on far too little sleep, that's not good.

Luca Stella, one of the researchers responsible for the study, had this to say about it:

"Internet addiction and technology use near bedtime are often blamed as a major cause of the sleep deprivation epidemic. Yet the empirical evidence on this relationship is still limited. In our study, we first show descriptive evidence that the use of digital services at night is correlated with shorter sleep duration. Then, exploiting differences in the access to high-speed internet caused by the pre-existing telephone infrastructure in Germany, we analyze the relationship between high-speed internet and sleep. We find that access to broadband internet reduces sleep duration and sleep satisfaction."

While the report is clearly bad news, in many ways, it merely confirms what we already knew. It seems self-evident that if you spend time surfing the web just before bed, you're probably going to get sucked in, which is going to cut further into your already limited sleep time. Sure enough, we now have evidence that supports this notion.

What is interesting in the report, and something that runs counter to most people's assumptions, is that people in the 30-59 year age range suffered more sleep loss than those in the under 30 crowd.

A fair question then, is how much sleep are you getting? If you'd like more, it might be time to consider curtailing late-night internet use.

New Tools Help You Limit Your Social Media Time
Fri, 10 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/10/new-tools-help-you-limit-your-social-media-time/

Facebook and Instagram are rolling out new tools designed to help manage how much time you're spending on those two social media platforms.

On Facebook, the new feature is called "your time on Facebook," and on Instagram, it's called "Your Activity," but both features do essentially the same thing.

They monitor and report on how much time you're spending on the platform and can be fine-tuned by users to temporarily mute your push notifications.

The changes are being rolled out in an effort to address concerns that a number of groups are now raising. The concerns are about the addictive feedback loops built into social media apps. These feedback loops have been demonstrated to have a negative effect on the well being of users who get sucked in too deeply.

The new features will be rolled out to 99 percent of the users on each platform. The company is withholding the new features from 1 percent to allow for comparative testing.

Once they become available, the new features can be found under the "Hamburger Menu," which is the nickname for the three vertical lines at the top right-hand corner of the Facebook app. On Instagram, the new feature can be found under the settings menu, accessible by tapping the gear icon on your Instagram profile.

It remains to be seen whether these new features will have the desired effect. Since they have to be manually activated, odds are that the impact will be minimal. For a certain subset of users who seem not to be able to control their social media addiction on their own, it might provide just enough of a boost to make a difference.

Even if that proves not to be the case, it's clear that the company takes the matter seriously, so we can expect to see more from them on this front in the months ahead.

New Scam Targets Apple Users
Thu, 09 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/09/new-scam-targets-apple-users/

There's a new, surprisingly elaborate phishing scam targeting iPhone users. The scam starts with an email informing users that their phones have been locked due to "illegal activity" and instructing them to call "Apple Care" to get the problem fixed.

Of course, there is no such company as Apple Care, but it's an official enough sounding name that it's luring a surprising percentage of victims into calling. In fact, opening the email will open a call dialog box, making connecting to "help" a very simple and incredibly tempting option.

Naturally, the person on the other end of the phone isn't tech support, but a hacker who's looking to obtain as much information about the caller as possible. It's a well thought out, well-engineered scam and it's taking a lot of people in.

Given that smartphones have officially overtaken PCs as the primary means of surfing the web, it should come as no great surprise that phishing attacks targeting smartphone users are on the rise. Since most people keep their whole lives on their phones these days, it's no wonder that so many people are quick to try and get help at the first sign of trouble with their cherished device.

Hackers are all too aware of that fact and are increasingly using it to prey on unsuspecting victims. Unfortunately, people tend to be more distracted when they're on their phones versus when they're using a PC, which explains why phishing attacks directed at smartphone users tend to succeed more often than they do against PC users.

Don't fall for it.

Train your brain to be more mindful of any email you get that hints at a problem with any account or device you control. The best thing you can do if you get an email like that would be to close it and test the account or device yourself to verify that it's locked. If it isn't, delete the email and assume it was a scam. If it is locked, reach out to the company directly, rather than clicking links embedded in an email, or calling numbers obtained from an email.

That's still not a foolproof solution, but it will help to minimize your risks.

Lifelock Customers At Risk Of Email Information Exposure
Wed, 08 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/08/lifelock-customers-at-risk-of-email-information-exposure/

A dark day for Lifelock, the Identity Theft Protection company. It has recently come to light that the company may have accidentally exposed their customers to additional attacks.

They recently fixed a vulnerability on their website that allowed anyone with a browser to index email addresses associated with their entire customer database. The vulnerability could even be used to unsubscribe users from company communications designed to keep them safe and keep them apprised of changes they need to be aware of.

In addition to that, the vulnerability made it possible for hackers to initiate highly targeted phishing campaigns and create a convincing spoof of the Lifelock brand.

Symantec, which purchased Lifelock in late 2016, took the company's website offline not long after being contacted by KrebsOnSecurity, which is how they became aware of the vulnerability.

Krebs was made aware of it by Nathan Reese, a freelance security consultant based out of Atlanta. Nathan put together a proof of concept script that was capable of downloading the email addresses of all 4.5 million of Lifelock's customers and then presented it to Krebs.

Reese aborted his script after downloading 70 emails so as not to set off alarm bells at Lifelock, and had this to say about his discovery:

"If I were a bad guy, I would definitely target your customers with a phishing attack because I know two things about them. That they're a LifeLock customer and that I have those customers' email addresses. That's a pretty sharp spear for my spear phishing right there. Plus, I definitely think the target market of LifeLock is someone who is easily spooked by the specter of cybercrime."

He's not wrong, so it's good that Reese isn't a bad guy.

There's no evidence that any hackers were aware of the issue, or made off with any of Lifelock's customer emails. However, given the existence of the now-patched flaw, it pays to be suspicious of any email that appears to be coming from Lifelock for the short to medium term, at least.

Automatic Mobile Picture Sync Coming To Windows 10
Tue, 07 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/07/automatic-mobile-picture-sync-coming-to-windows-10/

Microsoft has made numerous ventures into the smartphone ecosystem, but so far, they've only been met with limited success. This time, they're trying something a little different.

Instead of making their own Windows-based phones, they've created a "Your Phone" app that syncs your phone with your PC. The app is still in testing and is slated to be released sometime in October.

At present, while there are two versions (Android and iOS), the Android version is currently more limited than the iOS version. The Android version works like this: If you take a picture with your Android smartphone, it will sync automatically to your PC, allowing you to access or edit the image in something close to real time.

With the iOS version, you can surf the web on your phone, send the web page to your PC and pick up surfing where you left off. That's much handier, because among other things, it allows you to start watching a streaming video on your phone, then switch to a bigger screen for a better viewing experience.

In addition to the development of this new app, Microsoft is taking steps to try and bolster the popularity of its Edge browser. Coming soon will be a biometric sign-in for Edge, which gives users a password-free method of signing into websites in hopes of keeping at least some percentage of users from switching their default browsers to Chrome, Firefox, or some other option.

At present, the changes are interesting, but not compelling. We expect that Microsoft will continue heavily investing in integration, however, in a bid to increase its presence in the market. Whether their latest efforts will bear fruit remains to be seen, but from what we've seen so far, the early versions of the Your Phone app show promise. Kudos to Microsoft, and here's hoping these first steps lead to even greater integration and an improvement to the overall experience down the road.

Connecting To Airport Wi-Fi Puts Your Data At Risk
Mon, 06 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/06/connecting-to-aiport-wi-fi-puts-your-data-at-risk/

File this away under things you already knew. Coronet recently released a report entitled "Attention All Passengers: Airport Networks Are Putting Your Devices & Cloud Apps At Severe Risk," and the news is about what you'd expect.

The report was more than five months in the making. The analysts pored over oceans of data on device vulnerabilities and Wi-Fi network risks from more than a quarter of a million consumer and corporate endpoints that passed through the 45 busiest airports in the United States.

The bottom line is simply that airport Wi-Fi is woefully unsafe, especially as compared to most corporate networks, and anyone connecting to those networks is asking for trouble.

Some offenders proved to be worse than others. The report names the San Diego International Airport, John Wayne Airport - Orange County (CA), and the William P. Hobby International Airport (Houston, TX) as being among the least secure in the nation.

The risk is that while traveling, most people don't think about what network they're connecting to or how secure it might be. This is an incredible opportunity for hackers, because once an employee's laptop or mobile device is infected, the integrity of the employer's cloud-based work apps is jeopardized.

Coronet's founder, Dror Liwer, had this to say about the findings:

"Far too many US airports have sacrificed the security of their Wi-Fi networks for consumer convenience. As a result, business travelers in particular put not just their devices, but their company's entire digital infrastructure, at risk every time they connect to Wi-Fi that is unencrypted, unsecured, or improperly configured.

Until such time when airports take responsibility and improve their cybersecurity posture, the accountability is on each individual flyer to be aware of the risks and take the appropriate steps to minimize the danger."

Be sure your employees are aware of the risks any time they travel. Your company's future might depend on it.

Twitter Is Getting Tough On Apps
Sat, 04 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/04/twitter-is-getting-tough-on-apps/

Twitter has long had a reputation for being at the mercy of bots that have been used to sway public discourse and opinion.

Often, these bots are controlled via Twitter API apps that allow the authors to automate most of their actions, such as tweets, follows, and likes.

In the face of Facebook's recent grilling before Congress, Twitter has decided to take a more proactive stance, and has recently announced major changes to their policies.

The first part of the company's statement to that effect reads as follows:

"Starting today, all new requests for access to Twitter's standard and premium APIs are required to go through a new individual approval process."

In addition to the newly announced approval process, the company moved decisively to cut off more than 143,000 apps they deemed to be in violation of the company's terms of service.

The more robust approval process requires app developers to provide more information about themselves and the ultimate purpose of the apps they design. Additionally, Twitter has put a hard cap on the number of apps that developers can create and manage, which tops out at ten. If developers need to run more than that, they'll need special permission from Twitter, and they'll have to provide a compelling reason to justify the need.

Beginning September 10th, 2018, the company will be placing additional restrictions on every Twitter App which will control their use rates.

The new rate limits (per app) will be:

300 Tweets and Retweets per hour

1,000 likes per 24 hours

1,000 follows per 24 hours

15,000 direct messages per 24 hours

The company reserves the right to either remove or further restrict these limits for legitimate reasons.

On top of all that, Twitter has also modified its Twitter API support page to include an option for reporting "bad apps" that break one of the company's policies. According to the company, the combined effect of all of these changes should "help cut down on the ability of bad actors to create spam on Twitter via their APIs."

While it remains to be seen how effective these changes will be, kudos to Twitter for taking action.

Microsoft Working On Delay Feature For Windows 10 Update Installs
Fri, 03 Aug 2018 15:00:00 +0000
https://www.redeye.tech/2018/08/03/microsoft-working-on-delay-feature-for-windows-10-update-installs/

If you've used Windows 10 for any length of time, you've probably had this happen to you. You're right in the middle of working on something important, and all of a sudden, your OS decides it would be a great time to install some updates!

In response to user complaints, Microsoft introduced a "snooze" feature that allowed users to delay the installation of upgrades.

However, this sparked as many complaints as it silenced, because unfortunately, it causes more frequent device reboots. Now, Microsoft is trying again.

According to Dona Sarkar, Windows Insider Chief:

"We heard you, and to alleviate this pain, if you have an update pending, we've updated our reboot logic to use a new system that is more adaptive and proactive."

The company is using machine learning to accurately predict when the best time to restart the device is.

"We will not only check if you are currently using your device before we restart, but we will also try to predict if you had just left the device to grab a cup of coffee and return shortly after," Sarkar says.

So far, the company has limited itself to internal testing, but the early results have been promising. As of now, the new model should be available to Windows Insiders (Redstone 5 and 19H1 updates), which will give company engineers a much broader pool of feedback and allow for additional fine-tuning.

It's too early to tell if this is indeed the solution to the problem, but if it is, it will finally put an end to one of the most frustrating aspects of using Windows 10. We have to say, we're impressed with the changes in the company in recent years. Kudos to Microsoft for taking action and being responsive to their user base.